GAO: FDA needs to address a number of IT security weaknesses

A significant number of security control weaknesses are jeopardizing the confidentiality, integrity and availability of the Food and Drug Administration’s information and systems, putting industry and public health data at risk, according to an audit by the Government Accountability Office.

“The agency did not fully or consistently implement access controls, which are intended to prevent, limit and detect unauthorized access to computing resources,” the GAO’s report says. “Specifically, FDA did not always adequately protect the boundaries of its network, consistently identify and authenticate system users, limit users’ access to only what was required to perform their duties, encrypt sensitive data, consistently audit and monitor system activity, and conduct physical security reviews of its facilities.”